refactoring fully authorized check and catching bug
parent
488cc2dfdd
commit
242e912519
|
@ -220,14 +220,19 @@ module CanCan
|
|||
if cannot?(action, subject, *args)
|
||||
message ||= unauthorized_message(action, subject)
|
||||
raise AccessDenied.new(message, action, subject)
|
||||
else
|
||||
not_fully_authorized = false
|
||||
not_fully_authorized = true if %w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject)
|
||||
not_fully_authorized = true if subject.kind_of?(Symbol) && has_instance_conditions?(action, subject)
|
||||
fully_authorized!(action, subject) unless not_fully_authorized
|
||||
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
|
||||
fully_authorized!(action, subject)
|
||||
end
|
||||
end
|
||||
|
||||
def sufficient_attribute_check?(action, subject, attribute)
|
||||
!(%w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject))
|
||||
end
|
||||
|
||||
def sufficient_condition_check?(action, subject)
|
||||
!((subject.kind_of?(Symbol) || subject.kind_of?(String)) && has_instance_conditions?(action, subject))
|
||||
end
|
||||
|
||||
def unauthorized_message(action, subject)
|
||||
keys = unauthorized_message_keys(action, subject)
|
||||
variables = {:action => action.to_s}
|
||||
|
|
|
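Review bot: `sufficient_condition_check?` treats every subject that is not a Symbol or String as an instance, so any other non-instance subject would skip the `has_instance_conditions?` test and be marked fully authorized; whether such subjects can reach this branch is not visible in the hunk. Both new predicates are negations of a three-part condition and carry no comment, which makes this fail-open default easy to miss. I would add above `sufficient_condition_check?` a line such as `# False when only a resource name (Symbol/String) was given although the matching rules have instance conditions, i.e. no instance was checked.` and the equivalent above `sufficient_attribute_check?` for create/update without an attribute. It is also not visible whether these helpers sit under `private`; the enclosing method and module start outside the hunk.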
@ -259,6 +259,8 @@ describe CanCan::Ability do
|
|||
@ability.can :update, :ranges, :begin => 1
|
||||
@ability.authorize! :update, :ranges
|
||||
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||
@ability.authorize! "update", "ranges"
|
||||
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||
end
|
||||
|
||||
it "is not fully authorized when a block exists but no instance is used" do
|
||||
|
|
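Review bot: The assertion added after `@ability.authorize! "update", "ranges"` still queries the symbol pair, so it would pass even if the string call had recorded full authorization under the string pair; whether the fully-authorized lookup normalizes its arguments is not visible here. Adding `@ability.should_not be_fully_authorized("update", "ranges")` would pin the string form that the fix targets. The example's `it` line is outside the hunk.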